huanzi-qch / base-admin

Base Admin is a simple, general-purpose back-office management system. Its main features are: permission management, menu management, user management, system settings, real-time logs, real-time monitoring, API encryption, plus password changes and personalised menu configuration for the logged-in user.
MIT License
2.4k stars 1.1k forks

File upload Vulnerability #29

Open LiuYanJan opened 1 year ago

LiuYanJan commented 1 year ago

The system's file upload interface calls the upload() function, which has security risks that allow attackers to upload files with arbitrary file suffixes (such as a webshell). Therefore, this function has a large security risk.

Specific method path: cn.huanzi.qch.baseadmin.sys.sysfile.controller.SysFileController#upload


You can fix the issue by limiting the suffix of uploaded files.
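The fix proposed above (limit the suffix) is necessary but, on its own, easy to get wrong: a denylist misses variants, a check on the first dot is fooled by double extensions, and the extension says nothing about the bytes. Below is an added example of what a hardened Spring Boot upload handler looks like; it is not code from the base-admin project and does not reproduce its SysFileController. The class name, the `/api/upload` route, the upload directory and the allowlisted types are assumptions chosen for illustration.

```java
// Added example (not base-admin code): a file upload handler that enforces an
// extension allowlist, takes the extension after the LAST dot, verifies the
// file's leading bytes against the claimed type, and stores the file under a
// server-chosen name. Class name, route and directory are assumptions.
package example.upload;

import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.UUID;

@RestController
public class SafeUploadController {

    // Allowlist, never a denylist: anything not listed here is rejected.
    private static final Set<String> ALLOWED_EXT = Set.of("png", "jpg", "jpeg", "gif", "pdf");

    // Leading bytes expected for each allowed type (constructed table for the example).
    private static final Map<String, byte[]> MAGIC = Map.of(
        "png",  new byte[]{(byte) 0x89, 'P', 'N', 'G'},
        "jpg",  new byte[]{(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "jpeg", new byte[]{(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "gif",  new byte[]{'G', 'I', 'F', '8'},
        "pdf",  new byte[]{'%', 'P', 'D', 'F'}
    );

    private static final long MAX_BYTES = 5L * 1024 * 1024;
    // Assumed storage location; must NOT be under a directory the web tier serves or executes from.
    private static final Path UPLOAD_DIR = Paths.get("/var/app/uploads").toAbsolutePath().normalize();

    @PostMapping("/api/upload")
    public ResponseEntity<String> upload(@RequestParam("file") MultipartFile file) throws IOException {
        if (file.isEmpty() || file.getSize() > MAX_BYTES) {
            return bad("empty or too large");
        }
        String ext = validatedExtension(file.getOriginalFilename());
        if (ext == null) {
            return bad("file name or extension not allowed");
        }
        if (!contentMatches(file, ext)) {
            return bad("content does not match extension");
        }
        // Server-generated name: the client never chooses where or as what the file is stored.
        Path target = UPLOAD_DIR.resolve(UUID.randomUUID() + "." + ext).normalize();
        if (!target.startsWith(UPLOAD_DIR)) {
            return bad("bad path");
        }
        Files.createDirectories(UPLOAD_DIR);
        try (InputStream in = file.getInputStream()) {
            Files.copy(in, target, StandardCopyOption.REPLACE_EXISTING);
        }
        return ResponseEntity.ok(target.getFileName().toString());
    }

    // Returns the lower-cased extension if it is allowlisted, otherwise null.
    // Only the last path segment and the text after the LAST dot are considered,
    // so "../x/shell.jsp.png" yields "png" and the stored file is named *.png.
    static String validatedExtension(String originalName) {
        if (originalName == null) return null;
        String name = originalName.substring(
            Math.max(originalName.lastIndexOf('/'), originalName.lastIndexOf('\\')) + 1);
        int dot = name.lastIndexOf('.');
        if (dot < 1 || dot == name.length() - 1) return null;
        String ext = name.substring(dot + 1).toLowerCase(Locale.ROOT);
        return ALLOWED_EXT.contains(ext) ? ext : null;
    }

    // The extension alone proves nothing about the bytes; compare the file's
    // first bytes with the signature of the claimed type.
    static boolean contentMatches(MultipartFile file, String ext) throws IOException {
        byte[] expected = MAGIC.get(ext);
        byte[] head = new byte[expected.length];
        try (InputStream in = file.getInputStream()) {
            int n = in.readNBytes(head, 0, head.length);
            return n == head.length && Arrays.equals(head, expected);
        }
    }

    private static ResponseEntity<String> bad(String why) {
        return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(why);
    }
}
```

The design point is that none of these checks depends on what the container will or will not execute: whether or not an embedded Spring Boot server interprets JSP, an allowlist plus a server-chosen name plus a storage directory outside any served or executable path keeps an upload endpoint from becoming a place to plant arbitrary content.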

1n7erface commented 1 year ago

Your security game isn't quite there yet, kid. Does Spring Boot even parse JSP?